Infected With Trojan Rayedutu.dll - Hijackthis Log

Anyways, here's the log file. References for the risk of these programs are here, here and here. I keep being told to set Microsoft Outlook as the default mail client. When my desktop loads, this pops up: "RUNDLL Error loading C:\windows\system32\rayedutu.dll The specific file module could not be found." I Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\305a8e03 (Trojan.Vundo.H) -> Quarantined and deleted successfully. http://secondsolution.net/infected-with/infected-with-download-trojan-and-trojan-keylogger.php

Many of the finds have likely been quarantined. Path: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090927.019\EraserUtilRebootDrv.sys Status: Locked to the Windows API!

#4 topband, Authentic Member, 83 posts, Posted 02 March 2009 - 02:43 PM

HI OMOK i got rootkit and did the scan ...there were 25 i downloaded and saved ERUNT as suggested and as mentioned the log below is done from a fresh start up ----the computer is slow but that is not the only problem

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff

03-17-2009, 02:25 AM #10 sjb007, Security Team Colleague, Join Date: Dec 2007, Location: Lincoln UK, Posts: 3,217, OS: Windows/Linux

We are not here to pass judgment on file-sharing as a concept. In the Applications Tab: Clean all in the Firefox/Mozilla section if you use it.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of I'd really appreciate any help, thanks a lot guys! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\shell32 (Trojan.Agent) -> Quarantined and deleted successfully. Please include the C:\ComboFix.txt in your next reply for further review. __________________ 03-15-2009, 06:54 PM #3 ebolamonkey3 Registered Member Join Date: Jun 2008 Posts: 8 OS: Windows XP

C:\Documents and Settings\Julie\Local Settings\Temp\cmdo.exe.vir (Malware.Tool) -> Quarantined and deleted successfully. DETAIL - The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format. A pop up box will appear advising this process will permanently delete files from your system. 6. Please be patient as this can take several minutes.

Number of Scans: 2. http://maddoktor2.com/forums/index.php?topic=1548.0;wap2 Clean all entries in the "Advanced" section. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sofalakoke (Trojan.Vundo.H) -> Delete on reboot. Please post in the forums so others may benefit as well. Unified Network of Instructors and Trusted Eliminators

#3 teacup61, Bleepin' Texan!

C:\WINDOWS\system32\jumuwoza.dll (Trojan.Vundo.H) -> Delete on reboot. I did everything correctly, though, so I don't see why it isn't working... We will install an antivirus program as soon as we can. Open hijackthis, do a system scan only and checkmark these lines, if present:
O4 - HKLM\..\Run: [26ffb988] rundll32.exe "C:\WINDOWS\system32\zelojive.dll",b
O4 - HKLM\..\Run: [CPM25cc8a14]
Even for an advanced computer user.

I've never been here before but if anyone can give me some advice it would great. When I was on the web multiple windows popped up in my browser forcing me to I removed all the programs that might interfere, there is nothing to be done. again i ran the rootkit and over 250 infections were found .... Once the scan is complete, it will display if your system has been infected.

The mouse just shows the hourglass that indicates that it's working for about 10 seconds and then the hourglass disappears and nothing happens. C:\WINDOWS\system32\hofohulu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. Path: C:\Documents and Settings\pputre\Local Settings\Apps\2.0\HY1XTD47.Y0C\AZ93VZBA.Y0L\manifests\ReportBuilder.manifest Status: Locked to the Windows API! The program will then begin downloading and installing and will also update the database.

Do not change any settings unless otherwise told to do so. C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

#3 pixman, Posted 12 January 2010 - 11:49

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Start here -> Malware Removal Forum. Copy/paste this report into your next reply. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. what i've seen in this matter is the disabling of the MALWAREBYTES program and AVG ...so i cant scan ...hijack works and below is the latest file log after start up

Consistently helpful members with best answers are invited to staff. Some like Warcraft 3 will still work but others like Malwarebytes and Adaware will not open at all. Click View scan report at the bottom.